Screen OS

Dear all,

we have around 20 vpn over satellite which has the delay of more than 800ms. vpn is established and data is flowing between the sites but as soon as vpn is down because of any cause, after that vpn is never established again, mean to say we have to unbind the vpn from tunnel interface or some times we have to restart the ssg140 at the branch end.  we are using route based vpns, isg2000 in cluster at data center and ssg140 at client end. no routing protocol is running only static routes. Please if some one has any idea regarding this.  thanks

Regards,

Badar

Badar,

Why do the tunnels go down? Is there any obvious reason?

Do they reestablish if you manually remove the Phase2 SA?

Do both sides see the VPN as down?

Hi,

I would recommend enabling the VPN Monitor with the Rekey option.  Just make sure you use an IP that responds to PING.  Most of my customers prefer to use the trust IP on the Firewall at the remote end.  I hope this helps.

-John

Hi,

How much time u had waited for the VPN to become up? Enable VPN monitoring with rekey on both sides and tell us how it goes?

Hi Badar,,

What is the message that appears on the event log ?

Thanks,

Indra Elkim

Dear All,

Problems has been solved. I have set the MTU size to 1352 on the physical interface of the remote firewall which is behind the Satellite link. on the interface on which the sateliite link is terminated. now its working fine. no packet is dropping, its slow but working fine. thanks to all who contributed in order to resolve this issue. thanks

badar